10 February 2015

15 Tips to Safely Surf the Internet

Mark Kuhr

Happy Safer Internet Day

Today is Safer Internet Day, and here at Synack we want to share with you our top tips on how to protect yourself and your information online.

1. Create an email account specifically for your financial accounts. Fewer people will have this email address, so it is less likely to be targeted and hacked. Some might consider using a different email address for each financial institution.

2. Use a password manager such as 1Password, KeePass or LastPass. Password managers simplify the process of creating and keeping track of your passwords. They have the added benefit of evaluating the strength of your password. Read more about this from one of our prior blog posts here.

3. Use a two-factor authentication system. A double layer of security is essential to protecting your information. Applications like Google Authenticator, Authy, Duo Security or RSA SecurID are prime examples.

4. Look for the green ‘https’ in the address of sites you need to trust. The ‘https’ indicates a secure site with a trusted certificate.

5. Don’t skip through SSL errors. It could be a sign someone is attacking your internet connection. If you come across this notification, contact your Systems Administrator.

6. Read all error messages. If you receive an error message, do not simply click through; these are to be taken seriously and you should, again, contact your Systems Administrator.

7. Don’t use public computers to log on and access or view your financial accounts, even if you see https. Shared computers in public spaces could be compromised and logging your key presses.

8. Lock your computer anytime you walk away. If it is a shared computer, log out and close all web browsers when done with a session; simply closing a tab or browser is often not enough. This prevents someone from logging on through your authenticated session.

9. Consider using NoScript to prevent Flash and JavaScript from running, and enable them only on sites you trust.

10. Encrypt your hard drive and your phone with software that protects your files if your laptop or phone is stolen.  Use full disk encryption on your computer (such as FileVault or BitLocker).  If further encryption is needed, use the OS’s default method for encrypted containers.

11. Protect your phone with a password. People use their phones as an extension of themselves these days, which means they contain a lot of valuable information that is at risk if the device is stolen. A 4-digit number is easy to crack, and swiped keycodes are easy to find based on the smears they leave behind.

12. Install anti-theft software like Prey or (for Apple devices) simply use ‘Find my device’ via iCloud on your laptop, phone or tablet. Doing this allows you to track and potentially recover your devices.

13. Never reuse passwords.  Also, avoid using a set of passwords based on easily guessed schemes.

14. If you get a virus, reinstall your whole computer from the original factory image.  Once a virus has taken control of your computer, it is extremely difficult to ensure that it has been fully erased.

15. Avoid joining unsecured Wi-Fi networks. Sites should, but don’t always, encrypt sensitive communication. If you wouldn’t let someone at Starbucks shoulder surf you, don’t do it on an open network.